<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head>
<!-- GenHTML revision 25226-->
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<title>Introduction to Security in the Java EE Platform - The Java EE 6 Tutorial</title>
<meta name="robots" content="index,follow">
<meta name="date" content="2011-03-01">
<link rel="stylesheet" type="text/css" href="css/default.css">
<link rel="stylesheet" type="text/css" href="css/ipg.css">
<link rel="stylesheet" type="text/css" href="css/javaeetutorial.css">
</head>

<body>

<table border="0" cellpadding="5" cellspacing="0" width="100%">
<tbody>
   <tr valign="top">
      <td width="400px"></td>
      <td width="10px">&nbsp;</td>
      <td>
         <div class="header">
             <div class="banner">
                <table width="100%" border="0" cellpadding="5" cellspacing="0">
                   <tbody>
                      <tr>
                         <td valign="bottom"><p class="Banner">The Java EE 6 Tutorial
</p></td>
                         <td align="right"  valign="bottom"><img src="graphics/javalogo.png" alt="Java Coffee Cup logo"></td>
                      </tr>
                   </tbody>
                </table>
             </div>

         </div>

	 <div class="maincontent">      	 
             <a name="bnbwj"></a><h3>Chapter&nbsp;39<br>Introduction to Security in the Java EE Platform</h3><a name="indexterm-1889"></a><p>The chapters in Part VII discuss security requirements in web tier and enterprise
tier applications. Every enterprise that has either sensitive resources that can be accessed
by many users or resources that traverse unprotected, open networks, such as the
Internet, needs to be protected.</p>

<p>This chapter introduces basic security concepts and security mechanisms. More information on these
concepts and mechanisms can be found in the chapter on security in the
Java EE 6 specification. This document is available for download online at <a href="http://www.jcp.org/en/jsr/detail?id=316">http://www.jcp.org/en/jsr/detail?id=316</a>.</p>

<p>In this tutorial, security requirements are also addressed in the following chapters.</p>


<ul><li><p><a href="bncas.html">Chapter&nbsp;40, Getting Started Securing Web Applications</a> explains how to add security to web components, such as servlets.</p>

</li>
<li><p><a href="bnbyk.html">Chapter&nbsp;41, Getting Started Securing Enterprise Applications</a> explains how to add security to Java EE components, such as enterprise beans and application clients.</p>

</li></ul>
<p>Some of the material in this chapter assumes that you understand basic security
concepts. To learn more about these concepts before you begin this chapter, you
should explore the Java SE security web site at <a href="http://download.oracle.com/javase/6/docs/technotes/guides/security/">http://download.oracle.com/javase/6/docs/technotes/guides/security/</a>.</p>

<p>The following topics are addressed here:</p>


<ul><li><p><a href="bnbwk.html">Overview of Java EE Security</a></p>

</li>
<li><p><a href="bnbwy.html">Security Mechanisms</a></p>

</li>
<li><p><a href="bnbxe.html">Securing Containers</a></p>

</li>
<li><p><a href="bnbxi.html">Securing the GlassFish Server</a></p>

</li>
<li><p><a href="bnbxj.html">Working with Realms, Users, Groups, and Roles</a></p>

</li>
<li><p><a href="bnbxw.html">Establishing a Secure Connection Using SSL</a></p>

</li>
<li><p><a href="bnbyj.html">Further Information about Security</a></p>

</li></ul>

         </div>

         <div class="copyright">
      	    <p>Copyright &copy; 2011, Oracle and/or its affiliates. All rights reserved. <a href="docinfo.html">Legal Notices</a></p>
      	 </div>

      </td>
   </tr>
</tbody>
</table>
</body>
</html>

